DATA PROTECTION POLICY

The companies of the Tinsa Group wish to maintain a transparent relationship with their clients, informing them of how we collect and securely treat any data that they provide to us in the use of our services.

To this end, we have prepared this Privacy Policy (hereinafter the “Policy”), which will allow our clients and/or service users to consult any information they may need or to clear up any doubts they may have about how we treat personal data.

This “Policy” applies to all the environments through which we interact with our customers and request personal data from them, in particular websites, e-mail or postal mail and telephone.

Consequently, this “Policy” does not apply to third party websites, including those that may be accessed through a web link from our environments.

1. Data Controller

1.1 The principles contained in this “Policy” apply to all the companies of the TINSA Group listed below (hereinafter “The Companies”).

TINSA TASACIONES INMOBILIARIAS, S.A.U. Tax ID No. 78029774 and registered office at Calle José Echegaray nº 9, Las Rozas de Madrid. 28232 Madrid.

TINSA DIGITAL S.L.U., NIF B 86689494 and registered office at calle José Echegaray nº 9 de las Rozas de Madrid. 28232 Madrid.

1.2. Before we ask you for personal data through any customer service channel of our “Companies”, we will inform you of the entity with which you are going to contract and/or to which you are going to provide your personal data, company that will be responsible for the processing of your personal data.

1.3 Through the Tinsa Web Page you will be able to contract services from different companies of the Group, for which it will be necessary to register as a Web User.

TINSA TASACIONES INMOBILIARIAS, S.A.U. Tax ID No. 78029774 and registered office at calle José Echegaray nº 9, Las Rozas de Madrid. 28232 Madrid is the party responsible for processing this User Registration and will be the party that uses your information to control the registration and access to the services of the different “Companies” that offer services through the corporate website.

1.4 When you contract an online service, you must additionally consent to the processing of the data provided in the user registration for the specific management and development of the service you have requested through our website, and the transfer of your user data to the company providing the service. Before you request a service online we will offer you complete information about the company that will process your personal data for the provision of the service you are going to hire, as well as the purpose and the way in which they will be treated.

We inform you that through this website services of the companies Tinsa Tasaciones Inmobiliarias S.A.U. and Tinsa Digital S.L.U. are marketed.

Whose personal data is covered by this Policy?
This privacy policy, in accordance with the regulations on the protection of personal data, describes the processing, management and purpose for which the personal data of:
(a) Persons who contact the “Companies” to request a quote and/or contract a service.
b) Persons who register as Users of the corporate website www.tinsa.es to contract a service offered on the WEBSITE or to request the receipt of commercial communications.
c) Third parties whose personal data have been provided by our clients or have been obtained by the “Companies” on behalf of our clients, for the proper provision of the services requested.

3.Through which sources do we collect personal data?

3.1. Directly from our Customers or service users

The “Companies” will collect personal data provided directly by our users/customers, through the following sources:
(a) Through the Website:
We collect the personal data that you provide us with your registration, as well as the information derived from the access and use of the services that we offer you in this Website, and from your own navigation, such as (i) the data provided when registering; (ii) the data provided in the use of the services; (iii) the data derived from the communications that you maintain with us; (iv) data derived from your browsing, such as cookies (information about user preferences when visiting a website), links and system information, and about which you can obtain more detail in the Cookies Policy of our website; (v) any other data that you authorize us to process.

b) By e-mail, telephone or in person:
We collect data provided by customers through our commercial or customer services and/or through external collaborators authorized to collect data from our customers as data processors, in particular our appraisers and energy certifiers,
The data may also be collected through third parties who have been appointed by the Customers to act as their agents in relations with our “Companies” (in particular Financial Institutions).

3.2. Through other sources.

Occasionally, we may collect personal data from other sources, such as property and/or mercantile registries, city council and autonomous community registries, compensation boards, etc., when the applicable regulations require the performance of verifications or the provision of data included in these registries.

4.What personal data we collect

4.1 Customer and User Data

We collect those data necessary for the management of the requested service, in particular:
(a) Identifying data: name and surname, NIF/CIF, address, telephone, email.
b) Economic, financial and insurance data, especially related to the real estate to be reported.
c) Commercial information data, especially those related to the operation of the property or business to be reported.
d) Data on transactions of goods and services.

4.2 Third Party Data

Eventually, for the performance of our services, it may be necessary that our clients provide us with personal data of third parties, such as contact person for the management of the visit, owner of the property, data of tenants and other holders of real rights, etc… The data collected will only be processed for the purpose of their incorporation in the appraisal reports or other services provided.

The incorporation to Tinsa’s databases of data corresponding to third parties, will only proceed when necessary for the correct provision of the contracted services, and especially those necessary for the verification of the situation of ownership and occupation of the properties, existence of charges that encumber the property and could affect its value, as well as to manage the access and visit to the properties.

5. Purpose and Legitimation.

5.1 Each of the “Companies” to which this “Policy” applies will process the personal data provided by its clients and users mainly to manage the preparation of budgets and/or provision of the contracted service. The legitimacy is based on the consent of the owner of the data to the development of a business relationship.

Likewise, Tinsa may make use of the information contained in the report anonymously, not individualized and without any characteristic that can identify it, in order to carry out analysis and statistical studies of its own or of third-party companies. Said treatment will be carried out by the Tinsa group company, DataCentric Solutions, S.A.U.

If you have made a telephone call for reasons of security, integrity and quality of service, the call will be recorded and the data will be kept by Tinsa. The legitimate basis is the legitimate interest of Tinsa to guarantee and have proof of the veracity and integrity of the information provided by this means. Due to the fact that the reception, transmission and execution of customer orders that are carried out over the telephone entails the need to keep said recordings to guarantee the integrity of the information linked to a specific date, avoiding errors and misunderstandings that could harm the parties. . Likewise, the legitimate interest is based on the need to prove a conversation in a judicial proceeding, as a means of proof before a trial, in the case of litigation between the parties.

The personal data of third parties provided by our clients or collected by the “Companies” on their behalf, will be processed solely and exclusively for the correct performance of the contracted services and will be processed on the legal basis of legitimate interest of the data controller.
The client who has provided the data of third parties or on whose account they have been obtained, assumes the duty to inform, if legally necessary, said persons (third parties) of the treatment that the “Companies” will carry out of their personal data and of the rights that assist you described in this “Policy”.

5.2. If you had contracted a service with our entity and consequently were our client, we may use your data for the purpose of sending you promotional information from the company by email in relation to services similar to the one you had contracted. The treatment will be carried out in compliance with the provisions of Law 34/2002, of July 11, on services of the information society and electronic commerce. The sending of information about the activity of the company finds its legitimacy in the legitimate interest of the “Companies”, responsible for the treatment, the client being able to express at any time his opposition to this type of treatment without in any case the exercise of this right conditions the maintenance or termination of the contractual relationship that binds you with the company.

5.3 If you have expressly accepted the receipt of commercial and advertising communications (promoting our products, sending you reports and studies prepared by our companies, inviting you to participate in real estate conferences and meetings, reporting, participation in raffles called by our entity…), By checking the corresponding boxes, we will process your data for this purpose, by preparing a commercial profile based on the information provided and by automated processing, without in any case the withdrawal of this consent conditioning the performance of the contract. or the provision of services that could have been contracted. The legitimacy of the treatment will be carried out on the basis of your express consent, and you may, however, revoke it at any time.

5.4 If you have registered as a Web User, we will process your data to create and manage your Website User account, facilitate the provision of the Online Services you request, and compile statistics on the usability of our Online Services.

6. For how long we keep your data

6.1 If you are our client and we have provided you with a service, we inform you that the data provided will be kept for the management of the services and for the period necessary to (i) verify prior to accepting an order if a report has previously been issued on the same object and thus avoid possible situations of conflicts of interest that are related to the service that has been provided, (ii) for compliance with the legal obligations to which we are subject, (iii) as well as to respond to queries or claims that you or a third party may make to us.

In view of the fact that many of our reports are adopted as a reference for

the establishment of business relationships with third parties and that additionally these relationships may have a long term validity (for example when it is valued to establish the auction value before a foreclosure), we inform you that we will keep the data for a minimum period of 25 years, a period that we understand is necessary to guarantee that both our clients and legitimate third parties can access them during the period in which the active operations carried out based on them are in force. Likewise, and in view of the fact that the professional liability of our “Companies” is subject to long-term claim periods, the maintenance of the data is necessary to guarantee the defense of our interests until the expiration of the prescription period for the actions that could be derived from the services.

6.2 In the event that our contract proposal is not finally accepted by you, we inform you that we will keep your data for a period of 24 months for the purpose of verifying special situations of conflicts of interest, as well as to have your data available for future offers. or for the fulfillment of any other purposes and treatments that you have consented to.

6.3. If you were registered as a User of our page www.tinsa.es property of Tinsa Tasaciones Inmobiliarias, S.A.U. We will keep your personal data for the purpose of facilitating new contracts for our services. However, if we detect that for a period of two years you have not used or interacted with your account or with any of our online services, we will proceed to cancel your user account by blocking your data.
6.5. If you have expressly consented to receive commercial information, we will keep your data for this purpose until the moment you cancel the service.
6.6 In any case, we remind you that you have the right to cancel your personal data at any time.

7.With whom we share your data.

The “Companies” may share the data in the cases necessary for the strict and exclusive compliance or satisfaction of the aforementioned purposes, or for any other purpose necessary for the proper development of the relationship with you or cause that was justified by legitimate interest. de Tinsa, as well as in the legally provided cases. In particular, we may give access or communicate your personal data without the consent of the owner, in the following cases:

a) With the Courts and Tribunals, State Security Forces and Bodies and with other Administrative Authorities, especially the Bank of Spain, CNMV, Public Treasuries, or another authority, when we understand that it may legally require them.
b) With third-party Tinsa data processors who perform functions on our behalf (including appraisers, external consultants and professional advisors, accountants-auditors, IT providers who develop our technological systems or guarantee their security and other data processors) when the correct provision of the service requires access to the personal data of our Clients, with which in any case and to guarantee the security of their data, the “Companies” will sign the corresponding contract regulated by the obligations of each of said data processors .
c) We may also share your data with group companies for internal administrative purposes.

8. International Data Transfer

The “Companies” belong to a multinational group, so in order to comply with the purposes set forth in this “Policy”, as well as for internal administrative purposes, there is the possibility of access to your personal data from any of the companies in the GROUP, by our employees, agents or contractors”.

You can access the updated list of the companies that form a group with the “Companies” at the following link.

These companies are located in different countries, some of which are located outside the European Economic Area (EEA)

In some of those countries, data protection laws do not always offer the same level of protection as in the European Union.

However, in the event that we transfer Personal Data to countries or territories that do not offer a level of protection comparable to that of the EU, we will establish the necessary technical and legal measures to guarantee the security and legitimacy of the international transfer, as well as the adequate confidentiality and secrecy of the transferred data.

Specifically, in such cases, TINSA will sign an agreement with the entity or entities importing the data, which includes the standard contractual clauses established in European Commission Decision 2010/87/UE, of February 5, 2010 or those that in its

constitution of those could be approved in the future.
Having clarified the above, if you wish, you can request additional information on the specific protection measures and guarantees applied by TINSA to the export of your Personal Data to countries without a comparable level of protection, as well as on the specific locations of the companies that were having access to your personal data in compliance with the aforementioned purposes, by contacting us at the following address protecciondedatos@tinsa.com.

9. Security Measures

We undertake to treat your data in accordance with the provisions of the applicable regulations and, in particular, to (i) treat the data to which we have access, with sufficient guarantees of confidentiality; and (ii) adopt those technical and organizational security measures necessary to prevent alteration, loss and unauthorized treatment or access to your data.

All your data is stored on secure servers (or secure physical copies) owned by us or our subcontractors or business partners, and our security criteria and policies (or other equivalents of our subcontractors or partners) apply to access and use of them. of business).

Although in data transmissions over the Internet or from a website it is not possible to guarantee absolute protection against intrusions, both we and our subcontractors and business partners make every effort to maintain the physical, electronic and procedural protection measures necessary to guarantee the protection of your information in accordance with the applicable requirements regarding data protection.

10. Rights that assist you

Finally, we inform you that you have the following rights:

(A) Access: You can ask us to provide you with more details about how we process your personal data and request a copy of the personal information we hold about you.

(B) Rectification: You can ask us to change any inaccuracies in the personal data we have about you.

(C) Deletion: You can ask us to cancel your personal data when we no longer have legal reasons to use it and the relationship that binds us to you has expired.

(D) Limitation of treatment: you can restrict the treatment of your data by TINSA for one or more specific purposes.

(E) Opposition: you can oppose the processing of your data by the company for a specific purpose, provided that said processing is not necessary for the fulfillment, development and control of your relationship l.

(F) Data portability: You can ask us to transfer the personal information you have provided to us to a third party.

You can exercise your rights of access, rectification, deletion, limitation in the treatment, opposition and portability of data before the company that has been identified as responsible for the data at the time of registration of the same, in the following way:

TINSA REAL ESTATE APPRAISALS, S.A.U. NIF 78029774 and registered office at calle José Echegaray nº 9 de las Rozas in Madrid. 28232 Madrid.

By sending an email to the address protecciondedatos@tinsa.com or by letter to the indicated address addressed to our Legal Department, accompanying an identity document and referring to the rights that you specifically want to exercise.

TINSA DIGITAL S.L, NIF B 86689494 and registered office at calle José Echegaray nº 9 de las Rozas in Madrid. 28232 Madrid.

By sending an email to the address protecciondedatos@tinsa.com or by letter to the indicated address addressed to our Legal Department, accompanying an identity document and referring to the rights that you specifically want to exercise.

Ultimately, you can request information about your rights and file a claim with the Spanish Data Protection Authority, with address at calle Jorge Juan, nº 6, 28001 Madrid.

LIST OF COMPANIES THAT FORM TOGETHER A BUSINESS GROUP WITH TINSA VALUATIONS INMOBILIARIAS S.A.U. AND WITH TINSA DIGITAL S.L.U.

a) Elisandra Spain X. S.L.U.
(a) Asertia Real Estate, S.L.U.
(b) Tinsa Real Estate Appraisals, S.A.U.
(c) Tinsa Internacional de Inversiones, S.L.U.
(d) Taxo Valuation, S.L.
(e) Tinsa Digital S.L.U.
(f) Tinsa Portugal – Avaliações e Consultoria S.A.
(g) Real Estate Appraisals of Argentina, S.A.
(h) Real Estate Appraisals of Mexico, S.A. de C.V.
(i) Real Estate Appraisals of Chile, S.A.
(j) Tinsa, S.A.C.
(k) Tinsa Colombia Ltda.
(l) Taxo Chile Spa
(m) AppraisalsTinsa Ecuador, S.A.
(n) Trosstwijk Groep B.V.
(or) Troostwijk Taxaties B.V.
(p) Troostwijk Expertises B.V.
(q) Apresa B.V.
(r) Troostwijk Real Estate B.V.
(s) Bijl Taxaties B.V.
(t) Cap Eval, S.A.R.L.
(u) DataCentric Solutions SAU
(v) DEYDE, Data Quality, S.L.U.